News

The VectorLinux team is proud to announce the release of VectorLinux 5.9 Light final. Living
up to the Vector motto of "When Choice Matters," we give you lots of
choices in a small package. JWM and Fluxbox window managers for those
who want something very light and basic, and the exciting new
lightweight desktop environment, LXDE for those who want more features.
You will find XFE and Pcmanfm file managers, Opera, Dillo and Lynx web
browsers. Xine, MPlayer, and XMMS handle Multimedia while Abiword and
Gnumeric cover basic office tasks. Of course the usual Vector tools are
included to make your life easier. We think you will find this very
fast and very efficient and a perfect fit to any pc new or old.

Although
centered around lightweight applications, the complete underlying
Vector base allows you to modify and customize your system to your
liking. Additional applications are available through the package
manager or by compiling your own applications. Standard command line
tools or graphical versions like gslapt and vpackager are at your
disposal.

Seamonkey-1.1.11

A new Seamonkey package is available for VL5.8 and VL5.9. This is a security fix release. You can read the release notes here, and the security fixes here. This also includes updated window icons by jtek.

The SeaMonkey browser suite. SeaMonkey features a state-of-the-art web browser and powerful email client, as well as a WYSIWYG web page composer and a feature-rich IRC chat client. For web developers, mozilla.org's DOM inspector and JavaScript debugger tools are included as well.

Seamonkey-1.1.10

Incognu has packaged seamonkey-1.1.10 for VL5.8 and VL5.9. This is a security fix release. You can read the release notes here, and the security fixes here. This also includes updated window icons by jtek.

The SeaMonkey browser suite. SeaMonkey features a state-of-the-artweb browser and powerful email client, as well as a WYSIWYG web pagecomposer and a feature-rich IRC chat client. For web developers, mozilla.org's DOM inspector and JavaScript debugger tools are included as well.

Ruby 1.8.6_p230

Ruby-1.8.6_p230 is available for VectorLinux-5.9 to fix security issues reported here:

http://www.slackware.com/security/viewer.php?l=slackware-security

Ruby (Interpreted object-oriented scripting language)

Ruby is an interpreted scripting language for quick and easyobject-oriented programming. It has many features to process textfiles and to do system management tasks (as in Perl). It is simple,straight-forward, and extensible.

This is a TLS (Transport Layer Security) 1.0 and SSL (Secure SocketsLayer) 3.0 implementation. In brief, GnuTLS can be described as alibrary which offers an API to access secure communication protocols.These protocols provide privacy over insecure lines, and were designedto prevent eavesdropping, tampering, or message forgery.

New samba packages are available for Vector Linux 5.9 to fix a security issue:

Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations."
This flaw affects Samba versions from 3.0.0 through 3.0.29.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

Mozilla-thunderbird 2.0.0.14 is available for 5.8 and 5.9 to fix security issues, including crashes that can corrupt
memory, as well as a JavaScript privilege escalation and arbitrary code
execution flaw.
More details about these issues may be found here:

An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code.Xine-lib <= 1.1.12 was also found to be vulnerable to a stack-based bufferoverflow in the NES demuxer thanks to milw0rm.com).

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before
1.4.11 do not quote their output when a file is created, which might
allow context-dependent attackers to trigger a macro expansion,
leading to unspecified use of an incorrect filename.
Unspecified vulnerability in GNU m4 before 1.4.11 might allow
context-dependent attackers to execute arbitrary code, related to
improper handling of filenames specified with the -F option. NOTE: it
is not clear when this issue crosses privilege boundaries.

OpenSSH 4.3p2, and probably other versions, allows local users to
hijack forwarded X connections by causing ssh to set DISPLAY to :10,
even when another process is listening on the associated port, as
demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie
sent by Emacs.

New cups packages are available for Vector Linux 5.9 to fix security issues. If you're on a completely secured internal network these issues may be less of a risk than upgrading. If your IPP port is open to the internet, you'd be advised to upgrade as soon as possible (or firewall the port at the gateway if you're not in need of printer jobs coming in from the internet).

Mozilla Firefox 3.0.3 is available to solve security issues. Those who are still running the 2.x versions and want
to use the latest browser from the Mozilla Foundation will need to uninstall it before installing this package. Please note that the language packs are not available yet.

mozilla-firefox (Mozilla Firefox Web browser)
This project is a redesign of the Mozilla browser component written
using the XUL user interface language. Firefox empowers you to
browse faster, more safely and more efficiently than with any other
browser.
Visit the Mozilla Firefox project online:
http://www.mozilla.org/projects/firefox/